论文信息 - TO BEnchmark or NOT TO BEnchmark security: That is the question

TO BEnchmark or NOT TO BEnchmark security: That is the question

The multiplicity of available software and component alternatives has boosted the interest in suitable benchmarks, able to assist in the selection of candidate solutions from the existing diversity, concerning several attributes. The huge success of performance and dependability benchmarking, however, markedly contrasts with the small advances on security benchmarking, which has only sparsely been studied in recent years. In this position paper we discuss the difficulties involved in applying the dependability benchmarking approach to the security context, and propose and discuss an appealing alternative: trustworthiness benchmarking.

Marco Vieira | Afonso Araújo Neto

[1] Barry P. Mulcahy,et al. Trust-terms ontology for defining security requirements and metrics , 2010, ECSA '10.

[2] Alex Biryukov,et al. Distinguisher and Related-Key Attack on the Full AES-256 , 2009, CRYPTO.

[3] Kymie M. C. Tan,et al. An Approach to Measuring a System's Attack Surface , 2007 .

[4] Shirley C. Payne,et al. A Guide to Security Metrics , 2007 .

[5] Stephen Marsh,et al. Trust, Untrust, Distrust and Mistrust - An Exploration of the Dark(er) Side , 2005, iTrust.

[6] Jim Gray. Database and Transaction Processing Performance Handbook , 1993, The Benchmark Handbook.

[7] Xiaoyun Wang,et al. Finding Collisions in the Full SHA-1 , 2005, CRYPTO.

[8] Indrajit Ray,et al. A Vector Model of Trust for Developing Trustworthy Systems , 2004, ESORICS.

[9] N. L. Chervany,et al. THE MEANINGS OF TRUST , 2000 .

[10] Jean Arlat,et al. Faultload Representativeness for Dependability Benchmarking , 2002 .

[11] Wayne A. Jansen,et al. Directions in Security Metrics Research , 2009 .

[12] Mario R. Barbacci,et al. Quality Attribute Workshops (QAWs), Third Edition , 2003 .

[13] David Wright,et al. Towards Operational Measures of Computer Security , 1993, J. Comput. Secur..